读者数据归集的规范建构——以公共图书馆为研究视角  

作　　者：刘俊宜 钟邓鹏 Liu Junyi;Zhong Dengpeng(School of Government and Management,Yan'an University)

机构地区：[1]延安大学政法与公共管理学院,陕西延安716000

出　　处：《图书馆》2024年第10期22-29,51,共9页Library

基　　金：延安大学科研专项项目“延安时期党的自我革命制度规范理论与实践研究”(项目编号:2023JBSK-003)的阶段性研究成果。

摘　　要：随着阅读途径的多元化,以公共图书馆和私人阅读软件为代表的数据归集主体面临着隐私泄露、财产侵害的风险。行政机关对读者数据的再次归集增加了读者作为自然人所享有的权利受到损害的风险。对读者数据保护力度不足有以下固有原因:一是图书馆作为数据归集者,其与作为数据主体的读者之间的关系并不平等,且二者的地位即使经过法律的调整仍不平等;二是现行法对读者个人信息的认定较为泛化,导致几乎所有的读者数据都会受到高规格的保护。对此,文章认为可从四个方面对读者数据的归集进行规范,以规避读者数据归集带来的风险。第一,立法者、监管者不应对图书馆规定过分的合规义务,而应通过合理归责激励图书馆实现数据合规;第二,图书馆应将读者数据进行去标识化处理,以从源头化解读者数据背后蕴藏的多元化风险;第三,在对读者数据进行匿名化处理时,匿名化的标准优劣应得到场景化评价,以更好地平衡读者数据风险的归责;第四,应对读者数据进行合规风险评估,以客观了解其所面临的风险指数。With the diversification of reading pathways in China,the data-collecting subjects represented by public libraries and private reading software are facing increasing risks of privacy leakage and property infringement.The re-collecting of reader data by administrative authorities increases the risk of damage to the rights enjoyed by readers as natural persons.There are inherent reasons for the inadequate protection of reader data.Firstly,the relationship between the library as the data collector and the readers as the data subjects is not equal,and the status between the two is still not harmonized even after the adjustment of the law.Secondly,the current law generalizes the identification of readers'personal information,resulting in almost all of the readers’data needing to be protected at a high level.In this regard,four aspects can be regulated and guaranteed for the collection of reader data in order to avoid the risks brought by the collection of reader data.First,legislators and regulators should not impose excessive compliance obligations on libraries,but rather incentivize libraries to achieve data compliance through reasonable attribution of responsibility;second,libraries should de-identify reader data to remove the diversified risks behind reader data from the source;third,when anonymizing reader data,the advantages and disadvantages of anonymization criteria should be evaluated in a scenario;fourth,perform a compliance risk assessment of reader data to objectively understand the risk index to which the implementation is exposed.

关 键 词：图书馆 读者数据 个人信息保护 数据风险 

分 类 号：G250.7[文化科学—图书馆学]